Clamav antivirus check does not pass for minified versions of assets

[trotsaleksandrov]

Hi!

Recently I've been working with one issue, and find out that starting from version 2.2.0 all minfied versions of assets are affected by PUA.Win.Trojan.Xored-1 which was found by clamav.

For example, you can compare version 2.3.1 not minified and minified. (Or you can re upload the relevant files by yourself using that service). Because PUA warnings are excluded in clamav by default, not all virus bases founds this issue. So that's why I've used virscan to represent the issue.

As noted above, it started to appear in version 2.2.0 (2.1.1 doesn't have this issue). To add more only minified versions have this issue. I've tried to disable Terser (which is used to prepare production build) and clamav didn't find any problems. Moreover, when trying to use different online js compressors/minifiers the result is the same - PUA.Win.Trojan.Xored is found again. Also tried to disable some of Terser options - but no luck.

My assumption is that there were some libraries added in 2.2.0, which causes the issue, but maybe you can see some other reason for that? Anyways, any help/investigation is appreciated!

[HackbrettXXX]

Mmh, no idea what might cause this. We have added a lot of code in #2959. And we've updated the Dompurify dependency in #2982. For more changes see https://github.com/MrRio/jsPDF/releases/tag/v2.2.0.

You also might try diffing the two versions and look for suspicious changes.

[trotsaleksandrov]

I see. Ok thanks, that is good to know. If anyone else have some other ideas about this, feel free add some info about that.